Skip to main content
CallTower Solutions Center

Firewall Settings

The following firewall changes are recommended to help ensure quality when using Skype4B.

IP

Description

Ports

63.128.106.132
63.128.106.135
63.128.106.143
63.128.106.143
63.128.106.146
63.128.106.146
63.128.106.149
63.128.106.155
67.213.189.101
67.213.189.104
67.213.189.26
67.213.189.29
67.213.189.32
67.213.189.73
67.213.189.76
67.213.189.79
67.213.189.89
67.213.189.92
67.213.189.95
67.213.189.98
67.213.189.107
67.213.189.110

SIP TCP: 443, 4443, 5061, 5269

63.128.106.134
63.128.106.137
63.128.106.145
63.128.106.145
63.128.106.148
63.128.106.148
63.128.106.151
63.128.106.157
67.213.189.100
67.213.189.103
67.213.189.106
67.213.189.28
67.213.189.31
67.213.189.34
67.213.189.75
67.213.189.78
67.213.189.81
67.213.189.91
67.213.189.94
67.213.189.97
67.213.189.109
67.213.189.112

Audio/Video TCP: 443; 50000-65535/UDP: 3478; 50000-65535
63.128.106.133
63.128.106.136
63.128.106.144
63.128.106.144
63.128.106.147
63.128.106.147
63.128.106.150
63.128.106.156
67.213.189.102
67.213.189.105
67.213.189.27
67.213.189.30
67.213.189.33
67.213.189.74
67.213.189.77
67.213.189.80
67.213.189.90
67.213.189.93
67.213.189.96
67.213.189.99
67.213.189.108
67.213.189.111
Conferencing TCP: 443
63.128.106.141
63.128.106.161
63.128.106.162
63.128.106.163
67.213.189.39
67.213.189.45
67.213.189.48
67.213.189.49
67.213.189.50
67.213.189.51
Web Services TCP: 80, 443
There are no server IPs to whitelist here. This is for peer to peer (P2P) content sharing, where media passes directly from one user to the other. Client to Client Application Sharing TCP: 42000-42039 / UDP:4 2000-42039
There are no server IPs to whitelist here. This is for peer to peer (P2P) content sharing, where the file passes directly from one user to the other. Client to Client File Sharing TCP: 42040-42079 / UDP: 42040-42079
There are no server IPs to whitelist here. This is for peer to peer (P2P) content sharing, where media passes directly from one user to the other. Client Media TCP: 5350-5389 / UDP: 5350-5389
     
  • It is recommended to also whitelist the domain ct950.com on your network as well as specifying the IP addresses
  • Another more flexible approach would be to simply whitelist both the 67.213.189.0/24 and 63.128.106.128/26 networks since we can and will add servers over time to multiple locations.
  •  If a "Sonic Firewall" or other is being used with "DPI" Deep Packet Inspection, it is recommended to disable this feature for Voice Traffic.       All Skype traffic is Encrypted Data traffic and this feature isn't necessary, also it will interfere with Skype/Voice services and cause QOS issues.  
  • If your router is not configured for the new traffic protocols that Skype for Business (Lync) will introduce to your network, you could experience packet loss, dropped calls and jitter. You must make sure that SIP inspection or SIP ALG (Application level gateway) are disabled on your routers and firewalls to prevent this from happening. You may need to contact your ISP to have this done, but make sure this is completed prior to deployment. These features in routers are intended to block SIP traffic and will interfere with Skype for Business (Lync) communications.